Cyber Threats: Information as a Weapon?

ILOVEYOU was a computer worm that started spreading in the Philippines and then attacked tens of millions of Windows personal computers in 2000. This step back in history reminds us that information and communications technology (ICT) security threats have changed dramatically in just a decade. It is in this context that, on 9 October 2013, the United Nations Institute for Disarmament Research (UNIDIR) convened an informal meeting at the United Nations Headquarters entitled “Cyber Threats: Information as a Weapon?”

The event was chaired by Kerstin Vignard from UNIDIR. At the beginning she presented a recent UNIDIR publication entitled “The Cyber Index: International Security Trends and Realities” that aims at serving as a “snapshot” of current cybersecurity activities at the national, regional, and international levels. She said such information is critical to help policymakers and diplomats gain a better understanding of the new challenges that cyber space offers and, ultimately, reduce the risks of conflict.

What is the connection between the game Rock-Paper-Scissors and cyber weapons? Tim Maurer, from the Open Technology Institute and the New America Foundation, insisted that cyber weapons are a volatile concept depending on the purpose and the context in which they may be used. The example of the game Rock-Paper-Scissors, in this regard, is instructive: the scissors, depending on whether the rock or the paper is played against them, may or may not be considered threatening. Cyber weapons constantly and quickly change. As a consequence, a single winning strategy against cyber threats does not exist.

Does the right to self-defense apply when a State has been attacked through cyber space? Karstan Geier, from the German Federal Foreign Office, detailed the German three-step response to tackle cyber warfare threats and related new challenges. The first is to increase cyber resilience on a global scale. Second, tackling questions such as how international law applies to cyber activities is crucial. Finally, Germany advocates and supports confidence-building measures between States within the context of great uncertainty over issues such as attribution for cyber attacks.

Today, cyberspace is rapidly evolving. Sean Costigan, from the PfPC/NATO, explained the new strategic context in his presentation. Some activists use it in order to protest through internet hacking, criminals can use it to make money by selling data collected on the internet, and it can even be used as a new battleground for conflicts between States. Cyber space offers new challenges to States for many reasons: (i) it falls under few international regulations, (ii) it tends to ignore state borders, and (iii) it does not always differentiate between the public and the private spheres.

The three panelists agreed that even if preventing cyber attacks is not 100% possible, closer cooperation between States aimed at improving norms, rules or principles of responsible behaviour of states, is a good first step.

Their presentations were followed by an informal question and answer session with the packed room of attendees.